I've never tried sniffing MSN conversations, so someone else might have more specifics. However, if the conversations are, in any way, encrypted, you'd need to have the proper certs, etc., to be able to decrypt the conversation. If they are NOT, then by simply selecting one of the packets from the conversation, and right-clicking on it, you can choose 'Follow TCP Stream', and that'll separate out the conversation packets, and open a window of the decoded conversation between the two machines.

So, to clarify, if encrypted, prolly not. If not, follow the stream, and see what you get.

~ hayabusa ~

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

If you right-click on a TCP packet in Wireshark, there is an option to follow the TCP stream. Wireshark will filter all the packets from the given TCP connection and this might give you what you want.

Since this filters to a single TCP stream, you might want to make sure you haven't missed out some of the traffic. Take a look at the filter string and play around with it, perhaps filtering traffic on 1683 only. I've seen the tool NetWitness reconstruct chat sessions; there's a free version of that you can try.

As for tutorials for Wireshark, <insert-name-of-search-engine-here> is your friend.

I think that NetWitness is a better option for this. It has some nice features for automatic packet reassembly. I am not sure about MSN IM, but it does a fantastic job rebuilding email conversations, for example.